In the UK, manufacturing devices with weak passwords is now banned

“Qwerty”, “admin”, “12345” are now illegal in the UK, as the law on ensuring all smart devices meet minimum security standards came into effect on Monday, April 29, 2024. Afisha.London magazine reached out to Dmitry Vyrostkov, the head of cybersecurity at DataArt, for clarification and found out the advantages and disadvantages of the new law for ordinary users.

 

Now, by law, manufacturers of phones, televisions, and other “smart” devices must protect internet-connected devices from cybercriminals. For this purpose, manufacturers are obliged to offer users the option to change any common passwords, and brands themselves must publish contact details for reporting errors and malfunctions. Manufacturers also need to be transparent about security system update schedules.

 

 

The UK Department for Science, Innovation, and Technology believes that the new law will help consumers be more confident that their devices are protected from cybercriminals. But is this really the case? A specialist responds:

 

“Using well-known default passwords is a common way to hack systems, and it’s great that the law now prohibits this. However, this is a superficial view of potential security issues. I’ll mention just a few points to consider whether users are prohibited from setting weak passwords themselves (e.g., “12345”), how securely these passwords are transmitted over the network or stored on the device, how password guessing attacks are prevented, and so on. The list of considerations becomes much longer when looking at device security comprehensively.

 

The problem also lies with manufacturers, who often ignore security reports or do not give priority attention to vulnerability fixes. Requiring them to simply publish contact details and the stated support period is unlikely to change their behaviour,” believes Dmitry Vyrostkov from DataArt.

 

 

The expert calls the new legislation rather initial and modest steps towards increasing device security, but it’s not enough. In addition to interacting with consumers, it is necessary to address the security of the entire device development process and associated online services.

 

 

In any case, the UK is aiming to become the safest place in the world for internet access, and this law is just the first step towards that goal. Cybercrime is becoming an increasingly acute problem in our world, so further steps towards security testing and the development of new mechanisms are inevitable.

 

 

Cover photo: Afisha.London / Midjourney

 

 

 


Read more: 

Tate Modern opens its doors to “Expressionists: Kandinsky, Münter and the Blue Rider”

Yehudi Menuhin in London: prodigy, violinist and goodwill ambassador

Exploring Malevich: Locations and Insights into His Revolutionary Art

Array ( [related_params] => Array ( [query_params] => Array ( [post_type] => post [posts_per_page] => 5 [post__not_in] => Array ( [0] => 112571 ) [tax_query] => Array ( [0] => Array ( [taxonomy] => category [field] => id [terms] => Array ( [0] => 2 ) ) ) ) [title] => Related Articles ) )
error: Content is protected !!